create_share
New Contributor II

Multiple Paths to the Same Destination

Hi,

 

We have an IPSec Tunnel between office1 and office2 to connect two Servers. We need office1 users to connect to the server in office2 using another interface instead of the IPSec Tunnel and let only the servers communicate over IPSec. How can we achieve this, if it is possible?

 

BR.

create_share
New Contributor II

After creating a policy route, it is working. Is this the correct way to do it?

Toshi_Esumi
SuperUser

If you don't have to let all users/machines (including "office1 users") use the IPsec when the "another interface (MPLS or point-to-point circuit?)" goes down, that's probably the easiest way to do it.
Remember, a policy route "sticks" even when the interface goes down. So if that happens, those "office1 users" can't get to office2 over the IPsec.

If you want to control those situations more flexibly, including based on sources and destinations, you have to set up an SD-WAN zone, put both the IPsec and the other interface in it as members, and set proper rules for who uses which path in what situations in more detail.

 

Routing protocols would work for selecting the destinations only. So if you need to control the paths based on the source users/groups, they wouldn't work.

Toshi 
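
A sketch of the policy route discussed in this thread, added here as an example and not taken from either poster's configuration. The interface names, subnets and gateway are placeholders to be replaced with your own values.

```fortios
# Constructed example: every name and address below is a placeholder.
# Office1 user traffic to the office2 server leaves by the alternate circuit.
# The office1 server is outside the "src" subnet, so it does not match this
# rule and keeps following the routing table to the IPsec tunnel.
config router policy
    edit 1
        # Interface the office1 users arrive on
        set input-device "lan"
        # Office1 user subnet only (the office1 server is not in this range)
        set src "10.1.10.0/255.255.255.0"
        # Office2 server
        set dst "10.2.20.10/255.255.255.255"
        # Next hop on the alternate circuit
        set gateway 192.0.2.1
        # Alternate interface, not the IPsec tunnel interface
        set output-device "port3"
    next
end
```

The traffic still needs a firewall policy from the input interface to the output interface. Limiting the source and destination addresses in the firewall policies on the tunnel interface to the two servers keeps the IPsec path server-only at the policy level as well as the routing level.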
